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DETAILED ACTION 

1 . Claims 1-37 are pending. 

Specification 

2. Claims 34-37 are objected to because of the following informalities: Claim 34 is 
numbered as claim 33. thus making two claim 33s. The following claims erroneously 
follow in order. The second claim 33 should read 34 and the subsequent claims should 
read 35-37. Appropriate correction is required. 

Claim Objections 

3. Claim 6 objected to because of the following informalities: line 2 recites 
"bandwidth of connection throttling", wherein the Examiner assumes it should read 
"bandwidth or connection throttling". Appropriate correction is required. 

4. Claim 21 is objected to because there is no antecedent basis for "the firewall". 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 18 and 33 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. A computer readable medium as 
disclosed in the specification encompasses signals such as acoustic. Such carrier 
waves per se are considered non-statutory. 
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Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claim 19 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 

for failing to particularly point out and distinctly claim the subject matter which applicant 

regards as the invention.. It is unclear to the Examiner how the application programming 

interface and the enforcement module interrelate in the system. Does the application 

send a call to an API with connection parameters and then send an indication to the 

module to establish a connection? It is unclear how the elements are related and their 

specific function unique. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only If the international application designated the United States and was published under Article 21(2) 
of such treaty In the English language. 

7. Claim 1-3 and 12-15,18-26,30 and 33-35 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Malcolm (US Patent 7146638). 

8. As per claim 1, Malcolm discloses a computer-implemented method, comprising: 
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receiving a call from an application via an application programming interface, the 
call having parameters for a connection to an endpoint that the application desires to 
establish (column 6 lines 41-51 and column 2 lines 54-62 which discusses a well-known 
feature of communicating via an API); 

receiving an indication from the application that the application desires to 
establish the connection (column 4 lines 6-11); and 

making a call to a firewall to establish the connection in accordance with the 
parameters (column 7 lines 21-41). 

9. As per claim 2, Malcolm discloses the method of claim 1 , further comprising, at 
the firewall, evaluating the parameters with respect to a policy and, if the parameters 
meet the policy, establishing the network connection in accordance with the parameters 
(column 7 lines 21-41 wherein the policy is the rule established at the firewall). 

10. As per claim 3, Malcolm discloses the method of claim 1 , wherein the parameters 
comprise a known endpoint to which the application would like to be connected (column 
7 line 29). 

11. As per claim 12, Malcolm discloses the method of claim 1 , wherein the indication 
comprises opening a listening socket (column 7 lines 47-59). 

12. As per claim 13, Malcolm discloses the method of claim 1 , wherein the indication 
comprises connecting to a socket (column 7 lines 47-59). 

13. As per claim 14, Malcolm discloses the method of claim 1 , wherein the call to the 
firewall is made via a firewall application programming interface (see rejection to claim 
1). 
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14. As per claim 15, Malcolm discloses the method of claim 1 , wherein the firewall is 
located on a computer with the application (column 8 lines 62-64). 

15. As per claim 18, Malcolm discloses a computer-readable medium having 
computer-executable instructions for perfomning the method recited in claim 1 (see 
claim 1 and column 5 lines 51-54). 

16. Claim 19 is rejected because it discloses similar subject matter to claim 1 
wherein the computer system elements are necessarily described in Malcolm. 

1 7. Claim 20 is rejected because it discloses similar subject matter to claim 1 , 
wherein one may conclude the API discussed is a firewall API since it communicates 
with the firewall. 

18. Claim 21 is rejected because it discloses similar subject matter to claim 2, 
wherein establishing the policies is inherent and necessarily implied in Malcolm. 

1 9. As per claim 22, Malcolm discloses the method of claim 21 , further comprising if 
the connect attempt, the listen attempt, or the combination thereof does not comply with 
the policies, sending a notification to a user of the application or service (column 4 lines 
53-56). 

20. As per claim 23, Malcolm discloses the method of claim 22, wherein the 
notification comprises a selection to allow the connection (column 4lines 53-59). 

21 . As per claim 24, Malcolm discloses the method of claim 21 , wherein establishing 
the policies comprises receiving a policy from the application or service (column 4 lines 
38-47). 
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22. As per claim 25, Malcolm discloses the method of claim 24. wherein receiving 
policies comprises receiving policies via an application programming interface (see 
rejection to claim 1). 

23. As per claim 26, Malcolm discloses the method of claim 24, wherein the policy 
received from the application or service comprises inbound or outbound restrictions 
using one or more Internet Protocol addresses, information about scope of the 
connection, or combinations thereof (column 4 line 49 wherein the destination address 
is necessarily an IP address in view of the discussion). 

24. Claim 30 is rejected because it discusses similar subject matter to claim 15. 

25. Claim 33 is rejected because it discloses similar subject matter to claim 21 . 

26. Claim 34 is rejected because it discloses similar subject matter to claim 21 , 
wherein Malcolm discloses the interception module at the firewall. 

27. As per claim 35, Malcolm discloses the computer system of claim 33. wherein the 
interception module comprises a policy cache for storing the policies (see fig. 3). 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

28. Claims 4-6,9-1 1,16-17,27-29,31-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Malcolm (US Patent 7146638) and further in view of Chakravarty (US 
PgPub 2004/0128545). 
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29. As per claim 4, Malcolm discloses the method of claim 3, but fails to specifically 
discuss wherein the parameters further comprise a request to limit the connection to a 
single connection. 

Chakravarty discloses a similar method to Malcolm wherein applications submit 
to a firewall specific parameters for enabling a connection through the firewall, wherein 
the parameters are directed specifically to protocol commands specific to the requesting 
application [0024] and [0027]. Chakravarty doesn't specifically disclose wherein the 
request limits the connection to a single connection, however, one of ordinary skill in the 
art would be well-aware that this is a specific requirement of HTTP protocol and thus 
may necessarily be included in Chakravarty. 

Chakravarty is analogous art because it is directed to a method of configuring a 
firewall to assist applications for establishing network communications. 

It would have been obvious for one of ordinary skill in the art to modify Malcolm 
to include wherein a request parameter for the firewall would include a request to limit 
the connection to a single connection. 

Motivation for one to modify Malcolm would be to include a method wherein an 
application that requires specific requirements may be able to dynamically configure the 
firewall to enable a communication through the firewall for many different protocols as 
discussed throughout Chakravarty specifically ( [0022] and [0031] lines 13 and 14). 

30. As per claim 5, Chakravarty discloses the method of claim 4, further comprising , 
after the connection has been established, closing the connection in accordance with 
the request. 
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The Examiner asserts that one of ordinary skill would be advised as to the 
requirements for HTTP and would necessary close the connection according to the 
request. 

31 . As per claim 6, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the parameters comprise a request for bandwidth or connection throttling for 
the connection. 

The Examiner points to the rejection of claim 4 wherein Chakravarty discloses 
communicating parameters directed to specific applications. The Examiner notes that it 
would be obvious for a parameter of an application be directed to request for bandwidth 
or connection throttling. These are specific requirements or enhancements of well- 
known applications specifically peer-to-peer applications as would be well known to one 
of ordinary skill in the art. Motivation applies as stated in the rejection to claim 4. 

32. As per claim 9, Malcolm in discloses the method of claim 1, but does not include 
wherein the parameters comprise turning off or on specific protocol options. 

Chakravarty necessarily includes wherein the parameters may include turning on 
or off specific protocol options, considering as it is directly related for specifying protocol 
parameters related to the requesting application. Obviousness and motivation may be 
applied as discussed in the rejection to claim 4. 

33. As per claim 10, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the parameters comprise information about a property of a flow that requires 
special handling. 
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Chakravarty discloses wherein the parameters comprise information about a 
property of a flow that requires special handling [0035]. 

Motivation to modify Malcolm to specify wherein the property of a flow requires 
special handling such as authorization or authentication would be such as to 
authenticate specific users for applications as is already commonly implemented in the 
art of firewalls and would be well-known to one of ordinary skill in the art. 

34. As per claim 1 1 , Malcolm discloses the method of claim 10, but does not disclose 
wherein the information comprises a request for authentication or encryption. 

Chakravarty does disclose wherein the information comprises a request for 
authentication or encryption (see rejection to claim 10). 

35. As per claim 16, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the firewall comprises an edge firewall, and further comprising an agent to 
communicate information to the edge firewall about the connection. 

Chakravarty discloses wherein the firewall is an edge firewall 

36. As per claim 17, Malcolm discloses the method of claim 1 , wherein the firewall 
comprises an edge firewall, and further comprising an authenticated protocol to 
communicate infonnation to the edge firewall about the connection. 

37. Claim 27 is rejected because it discloses similar subject matter to claim 10. 

38. Claims 28 and 29 are rejected because they disclose subject matter similar to 
claim 11. 

39. Claims 31 and 32 are rejected because they disclose similar subject matter to 
that as discussed in claims 16 and 17 respectively. 
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40. Claims 7-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Malcolm (US Patent 7146638) and further in view of Chakravarty (US PgPub 
2004/0128545) and the Applicant's disclosure as prior art. 

41 . As per claim 7, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the parameters comprise limiting the connection to a subset of interfaces, local 
addresses, or remote addresses, or combinations thereof. 

The Examiner asserts a similar rejection to that as applied for claim 6, wherein 
Chakravarty discloses the parameters being specific to an application. The Examiner 
argues that it would be obvious for one of ordinary skill in the art to include wherein one 
of the parameters is specifically to limit the connection to a subset of address. Not only 
is this a common feature known for applications in the art, but also the Applicant admits 
this as a known feature in firewalls commonly used in the art ([004] lines 1-4). It would 
be obvious for one to include in a parameter sent directly from an application to include 
those that are already currently and commonly implemented in firewalls in the art. 

42. As per claim 8, Malcolm discloses the method of claim 1 , but does not include 
wherein the parameters comprise a timeout policy for the connection. 

The examiner asserts that a timeout policy is a well-known rule or parameter 
found in firewalls implemented in the art and thus would be an obvious enhancement of 
the current method as disclosed by Malcolm in view of Chakravarty. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Bludau whose telephone number is 571- 
272-3722. The examiner can nomrially be reached on Monday -Friday 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding Is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infomiation for unpublished applications Is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Brandon S Bludau 

Examiner 

Art Unit 2132 



